IP Traceback using Flow Based Classification-Reference-Cited by-同舟云学术

IP Traceback using Flow Based Classification

Published:2020-08-12 Issue:3 Volume:13 Page:482-490
ISSN:2666-2558
Container-title:Recent Advances in Computer Science and Communications
language:en
Short-container-title:RACSC

Author:

Bhavani Yerram¹,Janaki Vinjamuri²,Sridevi Rangu³

Affiliation:

1. Department of Information Technology, Kakatiya Institute of Technology & Science, Warangal, India

2. Department of Computer Science and Engineering, Vaagdevi College of Engineering, Warangal, India

3. Department of Computer Science and Engineering, Jawaharlal Nehru Technological University, Hyderabad, India

Abstract

Background:Distributed Denial of Service (DDoS) attack is a major threat over the internet. The IP traceback mechanism defends against DDoS attacks by tracing the path traversed by attack packets. The existing traceback techniques proposed till now are found with few short comings. The victim required many number of packets to trace the attack path. The requirement of a large number of packets resulted in more number of combinations and more false positives.Methods:To generate a unique value for the IP address of the routers in the attack path Chinese Remainder theorem is applied. This helped in combining the exact parts of the IP address at the victim. We also applied K-Nearest Neighbor (KNN) algorithm to classify the packets depending on their traffic flow, this reduced the number of packets to reconstruct the attack path.Results:The proposed approach is compared with the existing approaches and the results demonstrated that the attack graph is effectively constructed with higher precision and lower combination overhead under large scale DDoS attacks. In this approach, packets from diverse flows are separated as per flow information by applying KNN algorithm. Hence, the reconstruction procedure could be applied on each group separately to construct the multiple attack paths. This results in reconstruction of the complete attack graph with fewer combinations and false positive rate.Conclusion:In case of DDoS attacks the reconstruction of the attack path plays a major role in revealing IP addresses of the participated routers without false positives and false negatives. Our algorithm FRS enhances the feasibility of information pertaining to even the farthest routers by incorporating a flag condition while marking the packets. The rate of false positives and false negatives are drastically reduced by the application of Chinese Remainder Theorem on the IP addresses of the router. At the victim, the application of KNN algorithm reduced the combination overhead and the computation cost enormously.

Publisher

Bentham Science Publishers Ltd.

Subject

General Computer Science

Reference19 articles.

1. S.S.L. Pereira, J.E.B. Maia, and J.L. de Castro e Silva, “ITCM: A real time internet traffic classifier monitor, ” Int, J. Comput. Sci. Inf. Technol. 6, Issue 6,23-38, December 2014

2. Y. Wang and S. Yu, “Machine learned real-time traffic classifiers, ” In IEEE 2 nd International Symposium on Intelligent Information Technology Application. 2008,449-454

3. A. Asosheh, and N. Ramezani, “A comprehensive taxonomy of DDOS attacks and defense mechanism applying in a smart classifi-cation, ” WSEAS Trans. Comput. 7,281-290,2008

4. H. Burch, and B. Cheswick, “Tracing anonymous packets to their approximate source, ” In Proceedings of USENIX LISA. 2001,319-327

5. Y. Bhavani, V. Janaki, and R. Sridevi, “IP traceback through modi-fied probabilistic packet marking algorithm, ” In IEEE Region10 conference TENCON. 2013, pp.1565-1569